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(57) A justification/authentication personal certifi- 
cate system stores in a remote database (3) a counter- 
part of an identifier (11) and a digital watermark con- 
tained in the personal certificate (1 0). The personal cer- 
tificate includes the digital watermark embedded in an 
authentic image (12) such as a facial photograph, a ret- 
inal scan, or a fingerprint. When the personal certificate 
is used, the authentic image is read from the personal 
certificate, and the digital watermark information is ex- 
tracted. The digital watermark information and the iden- 
tifier are compared with the counterparts stored in the 
database. If the extracted digital watermark information 
is identical to the information In the database, then the 
personal cerlificale is judged to be unjustifiable. In one 
embodiment, at least one of the identifier and digital wa- 
termark are changed each time the system justifies the 
personal certificate. 
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means and said digital watermark information generat- 
ed by said watermark information generating means in 
said database, an image input means for inputting a raw 
authentic image, a watermark-embedded image form- 
ing means for forming a watermark-embedded authen- 
tic image in which said digital watermark is embedded 
on said authentic image input by said image input 
means, and a persona! certificate that readably carries 
said authentic image generated by said watermark-em- 
bedded image forming means and said identifier gener- 
ated by said identifier generating means. 
[001 3] According to a further aspect of the invention, 
there is provided a personal certificate comprising: a 
unique identifier, an authentic image of an authorized 
user of said personal certificate, said authentic image 
being viewable by eye, said authentic image containing 
embedded therein digital watermark information corre- 
sponding to said identifier, and means for permitting 
communication of said identifier and said digital water- 
mark information to a database remote from said per- 
sonal certificate. 

[0014] Preferably, digital watermark information em- 
bedded in an authentic image is stored not only on the 
authentic image of a personal certificate but also on a 
database, and therefore only justifiable use is permitted 
following a comparison of the digital watermark informa- 
tion stored in the database and the digital watermark in- 
formation extracted from the personal certificate. 
[0015] For example, since the database itself is not 
modified even if digital watermark information is embed- 
ded expertly in the facial photograph of a personal cer- 
tificate stolen by the offender B, the comparison with the 
database fails, and the illegality of the offender B is ex- 
posed, that is to say, compared with the case in which 
security depends only on the authentic image of the per- 
sonal certificate, security can be greatly improved. 
[0016] Preferably, the digital watermark stored in the 
information carrier can be read as digital data, and 
therefore the digital watermark information can be ac- 
curately compared. 

[0017] Preferably, the information carrier is a semi- 
conductor memory or a magnetic material, and there- 
fore data can be stored without greatly increasing the 
weight of the personal certificate. 
[0018] Preferably, the authentic image is printed on 
printed matter, and therefore the personal certificate Is 
thinner and lighter. 

[0019] Preferably, random values are included in the 
digital watermark information. Therefore, persons who 
attempt falsification or alteration cannot predict the ran- 
dom portion of the information. This increases the diffi- 
culty of falsification. 

[0020] Preferably, the digital watermark information 
embedded in the facial photograph information of the 
database and of the personal certificate is updated 
whenever necessary or desirable. Therefore, infallible 
measures can be taken against falsification. 
[0021] Preferably, the database is located at a dis- 



tance from the place where the personal certificate is 
used. The data is communicated through a communica- 
tion network. Thus, the digital watermark information 
does not leak out as long as access to the database is 
s prevented. Therefore, the security of the system is im- 
proved. 

[0022] Various embodiments of the invention will now 
be more particularly described, by way of example, with 
reference to the accompanying drawings, in which: 

10 

Fig. 1 is a block diagram of a system according to 
a first embodiment of the present invention. 

Fig. 2 is a block diagram of a system according to 
is a second embodiment of the present invention. 

Fig. 3 is a flowchart showing an Issuing process ac- 
cording to the first embodiment of the present In- 
vention. 

20 

Fig. 4 is a flowchart showing an authentication proc- 
ess of the present invention. 

Fig. 5 schematically shows the relationship among 
25 a personal certificate, an identifier, a digital water- 
mark, and a database of the same. 

[0023] Embodiments of the present invention are de- 
scribed hereinafter with reference to the accompanying 

30 drawings. First, prior to the description of each embod- 
iment, the relationship among an identifier, digital wa- 
termark information, and a database according to the 
present invention is roughly described with reference to 
Fig. 5. A case where the photographic image of a face 

35 is used as an authentic image is primarily described be- 
low. 

[0024] As shown in Fig. 5, a personal certificate 5 in- 
cludes an identifier 1 and an authentic image 4. There 
is a one-to-one relationship between the identifier 1 and 

40 digital watermark information 2 which are stored in a da- 
tabase 3. In this example, for purposes of description, 
and not as a limitation, the identifier 1 is "123", and the 
digital watermark information 2 is "hogehoge". 
[0025] Referring to Fig. 1 , a system according to the 

45 first embodiment of the present invention employs a per- 
sonal certificate 1 0 shown at the upper left of Fig. 1 . The 
personal certificate 1 0 is one that has been issued ; and 
is used for authentication. A personal certificate 20 
shown at the upper right of Fig. 1 is being prepared for 

so issue, but has not yet been completed for issue. 

[0026] The completed and issued personal certificate 
10 has a display part 12 in which a photograph of a face 
or the like is displayed, a memory 13 as an information 
carrier, and an identifier 11 (in this embodiment, "123"). 

55 [0027] The personal certificate 10 further has an in- 
put-output port 14 to access the memory 13. If the ca- 
pacity is large enough to store an image, a magnetic 
material, such as a magnetic strip, may be used as an 
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ing aspects of the system are identical to the structure 
of Fig. 1. 

[0045] Next, the flow of a process for issuing the per- 
sonal certificate is described hereinafter with reference 
to Fig. 3. In the second embodiment, the technique of 
the reading/writing of the authentic image merely differs 
in the processing itself, and therefore the first embodi- 
ment is primarily described. 

[0046] First, the operator of this system or the owner 
of the personal certificate inputs necessary personal in- 
formation to the system using the input means 32 (step 
1). Thereafter, at step 2, the owner's face : corneal pat- 
tern, fingerprint, or other identifying pattern, is photo- 
graphed with the digital camera 33, scanner, or other 
device, to acquire an authentic image. 
[0047] At step 3, the control means 34 connects to the 
server 42 through the communication network 41 using 
the communication means 40. 

[0048] Thereafter, al step 4. the control means 34 re- 
quests the server 42 to generate an identifier and wa- 
termark information corresponding to this identifier 
through the communication means 40. 
[0049] In response to this, the identifier generating 
moans 43 on the server 42 side accesses the database 
3, and generates a new identifier that has not yet been 
assigned. The watermark information generating 
means 44 generates watermark information corre- 
sponding to this new identifier. The identifier and the wa- 
termark information are transmitted to the control means 
34 (step 5). 

[0050] The control means 34 receives them, and re- 
quests the watermark information registering means 38 
to register the received identifier and watermark infor- 
mation on the database 3 (step 6). In response to this 
demand, the server 42 stores the information in the da- 
tabase 3. Thereafter notification is transmitted to the 
control means 34 that the registration has been com- 
pleted (step 7). 

[0051] Upon receiving this notification, the control 
means 34 releases the connection with the server 42 
(step 8), and gives the received watermark information 
and the authentic image obtained from the digital cam- 
era 33 to the watermark-embedded image forming 
means 37, and thereby a watermark-embedded image 
is formed (step 9). 

[0052] At step 1 0, the watermark-embedded image 
formed as described above is transmitted to the write 
means 31. The write means 31 writes this image into 
the memory 23 through the input-output port 24, and the 
authentic image is displayed on the display part 22 when 
necessary. This completes the issuing process. 
[0053] Next, the authentication process is described 
with reference to Fig. 4. The personal certificate 1 0 that 
has been issued is inserted into the read means 30. 
First, the read means 30 reads an identifier 11 (herein 
"123") from the personal certificate 10 (step 20). The 
identifier may be input by any convenient device such 
as, for example, with the input means 32. 



[0054] Thereafter, at step 21, the read means 30 
reads the authentic image that is stored in the memory 
13 and in which digital watermark information is surely 
embedded, through the input-output port 14, 
s [0055] Thereafter, at step 22, the control means 34 
transmits the obtained authentic image to the watermark 
information extracting means 35, and causes the ex- 
tracting means 35 to extract watermark information from 
the authentic image. If this extraction fails (step 23), the 
10 control means 34 judges that the personal certificate 1 0 
is unjustifiable (step 24), and terminates the processing. 
[0056] On the other hand, if the extraction of the wa- 
termark information succeeds, the control means 34 
connects to the server 42 through the communication 
is means 40 (step 25). 

[0057] The control means 34 transmits the identifier 
1 1 that has been read from the personal certificate to 
the watermark information inquiring means 39, and 
causes the inquiring means 39 to acquire the watermark 
20 information corresponding to the identifier 11 (step 26), 
[0058] When receiving this inquiry, the server 42 re- 
trieves the watermark information corresponding to the 
identifier in the database 3. If the watermark information 
is not found, the server 42 sends a message that the 
25 corresponding information is not found. If the watermark 
information is found, the server 42 returns the found wa- 
termark information to the control means 34 (step 27). 
[0059] When the control means 34 receives the infor- 
mation from the server 42 : the control means 34 releas- 
ee es the connection (step 28). If the control means 34 re- 
ceives the message that the watermark information is 
not found (step 29), it is judged that the personal certif- 
icate 10 is unjustifiable (step 24), and the processing is 
terminated. 

35 [0060] On the other hand, when receiving the water- 
mark information, the control means 34 transmits the 
watermark information extracted by the watermark in- 
formation extracting means 35 and the watermark infor- 
mation received from the server 42 at this time to the 

40 watermark information comparing means 36 for a com- 
parison. If the watermark information from the two 
sources are found to be non-identical in the comparison 
made by the watermark information comparing means 
36, the control means 34 determines that the personal 

45 certificate 10 is unjustifiable (step 24), and terminates 
the processing. 

[0061] On the other hand, if the watermark informa- 
tion from the two sources are found to be identical in the 
comparison, the control means 34 determines that the 
so personal certificate 1 0 is justifiable (step 31 ), and com- 
pletes the processing. 

[0062] Preferably, when the watermark is judged to be 
justifiable, the same process as the main part of Fig. 3 
is carried out once again at step 32, and the watermark 
55 information corresponding to this identifier is updated 
(step 32). As a matter of course, the update means up- 
dates both the digital watermark embedded in the au- 
thentic image of the personal certificate 10 and the dig- 
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(38) for storing said identifier generated by said 
identifier generating means and said digital wa- 
termark information generated by said water- 
mark information generating means in said da- 
tabase; 

an image input means (32, 33) for inputting a 
raw authentic image; 

a watermark-embedded image forming means 
(37) for forming a watermark-embedded au- 
thentic image in which said digital watermark is 
embedded on said authentic image input by 
said image input means; and 
a personal certificate (10) that readably carries 
said authentic image generated by said water- 
mark-embedded image forming means and 
said identifier generated by said identifier gen- 
erating means. 

9. The personal certificate issuing system of claim 8, 
wherein: 

said personal certificate includes an informa- 
tion carrier (1 3) for storing said authentic im- 
age; and 

said authentic image includes a digital water- 
mark embedded in said authentic image stored 
in said information carrier. 

10. The personal certificate issuing system of claim 9, 
wherein said information earner is at least one of a 
semiconductor memory and a magnetic material. 

11. The personal certificate issuing system of claim 9 
wherein: 

said information carrier includes said authentic 

image being a printed authentic image affixed 

to said personal certificate; and 

said read means reads said printed authentic 

image. 

12. The personal certificate issuing system of claim 8, 
wherein at least one of said identifier and said digital 
watermark information includes an element that is 
randomly generated. 

13. The personal certificate issuing system of claim 8, 
wherein said digital watermark information stored in 
said database and embedded in said authentic im- 
age of said personal certificate are updated at a pre- 
determined time. 

1 4. The personal certificate issuing system of claim 1 3, 
wherein said predetermined time includes each 
time said system correctly justifies an authentic im- 
age. 

15. The personal certificate issuing system of claim 8, 



further comprising: 

a communication device for communicating 
said watermark information between said wa- 
5 termark information inquiring means and said 

database. 

16. A personal certificate (10) comprising: 

10 a unique identifier (11 ); 

an authentic image (12) of an authorized user 
of said personal certificate; 
said authentic image being viewable by eye; 
said authentic image containing embedded 
15 therein digital watermark information corre- 

sponding to said identifier; and 
means for permitting communication (40, 41 ) of 
said identifier and said digital watermark infor- 
mation to a database (3) remote from said per- 
20 sonal certificate. 

17. A method for issuing a personal authentication cer- 
tificate; the said method comprising the steps of: 

25 generating an identifier (11) unique to a person- 

al certificate (10); 

generating data relating to a digital watermark 
for the said identifier; 

storing data relating to the said identifier, digital 
30 watermark and personal certification in relation 

to each other; 

inputting an image to be associated with the 
said personal certification; 
processing the said image with the said water- 
35 mark data to form a watermark-embedded au- 

thentication image (12) for the said personal 
certificate. 

18. A method for authenticating a personal authentica- 
te tion certificate; the said method comprising the 

steps of: 

reading at least an authentication image (12) 
from a personal authentication certificate (3); 
4 5 processing the said authentication image (35) 

to extract data relating to watermark embedded 
in the said image; 

comparing the said extracted embedded water- 
mark data with watermark data stored in a data 
50 storage means (11) in relation to an identifier 

(11) for the said personal authentication certif- 
icate; 

determining whetherthe said extracted embed- 
ded watermark data corresponds with the said 
55 stored watermark data (36), whereby to au- 

thenticate the personal authentication certifi- 
cate. 
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(57) A justification/authentication personal certifi- 
cate system stores in a remote database (3) a counter- 
part of an identifier (11) and a digital watermark con- 
tained in the personal certificate (1 0). The personal cer- 
tificate includes the digital watermark embedded in an 
authentic image (12) such as a facial photograph, a ret- 
inal scan, or a fingerprint. When the personal certificate 
is used, the authentic image is read from the personal 
certificate, and the digital watermark information is ex- 
tracted. The digital watermark information and the iden- 
tifier are compared with the counterparts stored in the 
database. If the extracted digital watermark information 
is identical to the information in the database, then the 
personal certificate is judged to be unjustifiable. In one 
embodiment, at least one of the identifier and digital wa- 
termark arc changed each time the system justifies the 
personal certificate. 
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